Healthcare News & Insights

Mitigating eDiscovery challenges in the healthcare industry

At this point in technological advancement, almost every industry is producing myriad terabytes of electronically stored information (ESI) daily. And that means when litigation arises, there’s an ever-growing number of documents that need to be collected and analyzed for admissibility and relevance in the case. That process of electronic discovery, or eDiscovery, can come with unique challenges in the healthcare industry because there are various outside factors that need to be taken into consideration, such as the handling of personal information, working with industry rules and regulations, investigating product liability and others.

In this guest post, Barry Schwartz, Esq., CEDS, SVP of Advisory Services at a national eDiscovery and digital forensics company, highlights a few specific challenges to eDiscovery in health care and ways to manage them:


Privacy limitations

While privacy is a concern in any legal matter, it’s especially pertinent in healthcare litigation. All data must be handled according to HIPAA and HITECH to ensure the privacy and security of certain health information, which means the process, the technology and the security of the vendor should be thoroughly vetted. A HIPAA violation alone can result in penalties as high as $25,000 per incident, and the penalties are increased under HITECH – up to $250,000, with repeat or uncorrected violations extending up to $1.5 million.

While not every healthcare-related case requires pulling medical files for specific patients, it does happen, and it’s important to be ready. That may mean using redactions and having a strong quality control process to back it up, or it may involve a strict court order or a private agreement between the interested parties regarding how the data will be handled, limiting the use of that data to only that litigation. It may also include filing the documents under seal so they won’t become public record.

It’s important to establish protocols so all legal matters are handled in a consistent, secure and defensible manner. The best way to do that is to create a team that includes legal counsel, eDiscovery professionals and technical consultants to ensure all steps of the process are outlined effectively and performed within the boundaries of all regulations.

Large amounts of data

The data in a healthcare case can pile up quickly, especially in multi-district litigation (MDL) or class action suits that require collection from potentially hundreds or thousands of patients affected by the alleged issue, such as in a product liability case. It can also require going back to the manufacturer and obtaining any complaint files that would be relevant about the product, as well as procuring files and correspondence from doctors, hospitals, long-term care facilities, pharmaceutical companies and patients – all of which can add up to millions of documents.

The complexity is compounded when files are in proprietary databases or atypical formats, which can require a tailored solution to be able to review that data in the same format as more traditional files. That, of course, further leads to increased costs, especially if careful pre-planning steps aren’t taken.

One of the best ways to work with large amounts of data is to know where all of it is, what kind of data it is and who has access to it. Those questions and more should be handled through a stringent custodian questionnaire process, which can be set up and easily handled through an eDiscovery platform. That will ensure you know where all the potentially relevant data resides, the best ways to handle that data, and you can also gain additional insight and facts about the circumstances of the case.

Once appropriate data is collected, it’s important to have a strong review process that incorporates user-friendly and robust technology and a skilled, experienced team of attorneys. New analytics platforms that incorporate machine learning can make the workload more manageable by quickly finding the most relevant documents. Such platforms can also help you sort through the data easier using deduping, email threading, conversation indexes and deep analysis tools.

Frequency of litigation

Let’s face it – there’s a lot of litigation in the healthcare industry. Legal matters spring up regularly involving a wide range of cases, such as intellectual property, medical malpractice, product liability, mental health and more. That’s why it’s important to have a repeatable eDiscovery process, tailored to your organization’s needs and requirements, so it becomes a standard business procedure.

That customized process should be detailed in a formal written plan or similar format that’s easily accessible by your legal event team. It should include your policies and best practices for each step – from managing the first legal hold to presenting data in court. The importance of this cannot be overstated, as courts are apt to openly admonish – and sanction – legal teams for unpreparedness and blunders, such as improperly interviewing custodians and failing to implement timely preservation procedures leading to the destruction of relevant evidence, like in Small vs. University Medical Center of Nevada. The more steps that the organization has ironed out, the less of a burden (and fire drill) frequent litigation will be. And what’s more, that planning can significantly cut your eDiscovery costs overall.

Record retention requirements

Record retention requirements in health care, surprisingly, aren’t as severe as in some other industries. In the financial sector, for example, every communication with a client needs to be saved for seven years. However, HIPAA only requires that clinical information is kept for six years. For medical device manufacturers or pharmaceutical manufacturers, the period is much longer. Those files need to be maintained for the life of the product and then some. Although the statute of limitations for most medical malpractice is only two to six years depending on the state, relevant evidence could potentially date back much further than that.

It’s important to establish a policy of what data to keep, where it should be kept, who has access to it and how long it should be kept, as well as what data to delete, when it should be deleted and what the process is to ensure it’s deleted securely and defensibly. Once the policy is outlined, it should be regularly implemented and audited so it remains justifiable if questioned in court. Be mindful that while a litigation event has ended, the obligation to maintain the data related to the matter may still be subject to other retention rules or other litigation matters. And conversely, pending litigation may require the continued retention of files that otherwise need no longer be preserved after the regulatory retention period expires.  So, it’s critical that your data retention and litigation hold policies are coordinated.

Government involvement

In addition to litigation, many healthcare companies may be involved in state or federal government investigations. In a case with alleged damages from a faulty medical product, for example, a government organization like Medicaid might be required to pay out damages to uninsured people in its jurisdiction.

It’s important to have the right legal team, eDiscovery vendor and litigation technology in place to ensure any data requests are handled quickly and accurately. If you have set up a tailored, pre-planned eDiscovery process, that helps things run even smoother. Additionally, because government requests can be very broad, your team should be able to get detailed information to narrow the scope of the job, including the goals of collection, duration of the collection period and deadlines.

Every eDiscovery challenge in the healthcare industry can be overcome. The key is to be prepared. Since any company involved in health care is likely to end up in litigation, it’s important to think the process through on the front end so eDiscovery is handled speedily, correctly and completely – every time.

Barry Schwartz, Esq., CEDS, is SVP, Advisory Services at BIA, a leading national eDiscovery and digital forensics company. Barry Schwartz is highly proficient in discovery and document review matters and holds more than 35 years of legal and business consulting management experience.


Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.

Speak Your Mind